Static | ZeroBOX

PE Compile Time

2015-06-04 08:51:43

PE Imphash

67f10a91110943b1e66ce1a1b097152b

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00015dfc 0x00016000 6.01204802227
.data 0x00017000 0x00002108 0x00001000 0.0
.rsrc 0x0001a000 0x00000958 0x00001000 2.03321728065

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x0001a418 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001a418 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001a418 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0001a3e8 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0001a150 0x00000298 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library MSVBVM60.DLL (entries listed as None have no name in the import table, i.e. they are imported by ordinal):
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaVarMove
0x40100c __vbaFreeVar
0x401010 __vbaStrVarMove
0x401014 __vbaFreeVarList
0x401018 _adj_fdiv_m64
0x40101c None
0x401020 __vbaFreeObjList
0x401024 _adj_fprem1
0x401028 __vbaRecAnsiToUni
0x40102c __vbaStrCat
0x401030 None
0x401034 __vbaSetSystemError
0x40103c _adj_fdiv_m32
0x401040 __vbaAryDestruct
0x401044 None
0x401048 __vbaVarForInit
0x40104c None
0x401050 __vbaObjSet
0x401054 None
0x401058 __vbaOnError
0x40105c _adj_fdiv_m16i
0x401060 _adj_fdivr_m16i
0x401064 None
0x401068 None
0x40106c _CIsin
0x401070 __vbaChkstk
0x401074 EVENT_SINK_AddRef
0x401078 __vbaStrCmp
0x40107c __vbaVarTstEq
0x401080 __vbaAryConstruct2
0x401084 __vbaI2I4
0x401088 DllFunctionCall
0x40108c None
0x401090 _adj_fpatan
0x401094 __vbaLateIdCallLd
0x401098 __vbaRecUniToAnsi
0x40109c EVENT_SINK_Release
0x4010a0 __vbaUI1I2
0x4010a4 _CIsqrt
0x4010ac __vbaExceptHandler
0x4010b0 _adj_fprem
0x4010b4 _adj_fdivr_m64
0x4010b8 __vbaFPException
0x4010bc None
0x4010c0 _CIlog
0x4010c4 __vbaNew2
0x4010c8 None
0x4010cc _adj_fdiv_m32i
0x4010d0 _adj_fdivr_m32i
0x4010d4 __vbaStrCopy
0x4010d8 None
0x4010dc __vbaFreeStrList
0x4010e0 _adj_fdivr_m32
0x4010e4 _adj_fdiv_r
0x4010e8 None
0x4010ec __vbaI4Var
0x4010f0 None
0x4010f4 __vbaLateMemCall
0x4010f8 __vbaVarDup
0x4010fc __vbaStrToAnsi
0x401100 None
0x401104 __vbaFpI4
0x401108 _CIatan
0x40110c __vbaStrMove
0x401110 None
0x401114 _allmul
0x401118 _CItan
0x40111c None
0x401120 __vbaFPInt
0x401124 __vbaVarForNext
0x401128 _CIexp
0x40112c __vbaFreeObj
0x401130 __vbaFreeStr
0x401134 None

Strings

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
9YWUrI
Nonlibelously4
teknonom
ADULTERATORS
ADULTERATORS
Timer2
VScroll2
HScroll2
Combo2
Flodbredderne5
Option2
Stolper
Check2
heppede
Check1
Demonetization5
Command2
normocytic
MULTIVARIANT
sprachle
Frame2
supersalesmen
VASSALED
Timer1
Drive1
VScroll1
HScroll1
Combo1
ALEXANDRINA
Option1
topforhandlings
PLANKERNES
Frame1
Ketonemia
Command1
WEASELLED
Shape2
Label1
kagler
Image1
Shape1
Shape3
Shape4
Uligheden4
iXgk6v
hBnr0>B
so@doUu
#&hAnD
yh~oN4 f
FFZW>Y
oGiPnV
3Lnri@
yUo%nW]
c'Bk3Q&
nGU,Mc
nkiYnO4 f
MhJnih|
o]iHnp8E
unGUS6
oN,T0j
VB5!6&*
DUALIZE
Nonlibelously4
Nonlibelously4
Nonlibelously4
teknonom
Gasarters
Proctoptosis6
REPROP
Check2
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Image1
Drive1
Label1
Option1
Command1
VScroll1
Uligheden4
Command2
Check1
Frame1
HScroll1
Timer2
HScroll2
Option2
Timer1
Combo2
Frame2
VScroll2
Combo1
user32
GetCursorPos
wininet.dll
FtpDeleteFileA
GetWindowRect
IsCharAlphaA
SetSystemCursor
comctl32
FlatSB_GetScrollProp
gdi32.dll
GdiTransparentBlt
GetSystemPaletteEntries
OpenClipboard
InvertRgn
CreateSolidBrush
Territorialfarvandenes
Registerable2
Afbrers
VBA6.DLL
__vbaAryDestruct
H__vbaAryConstruct2
__vbaFpI4
__vbaVarTstEq
__vbaStrCmp
=T__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaI2I4
__vbaVarForNext
__vbaVarForInit
__vbaOnError
__vbaStrCopy
__vbaLateMemCall
__vbaFreeStrList
__vbaStrCat
__vbaFreeVar
__vbaFreeObjList
__vbaI4Var
__vbaLateIdCallLd
__vbaStrVarMove
__vbaUI1I2
__vbaFreeStr
__vbaSetSystemError
__vbaStrToAnsi
__vbaFreeVarList
__vbaVarDup
__vbaStrMove
__vbaVarMove
__vbaFPInt
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaObjSet
REPROP
tripla
tripla
Proctoptosis6
Pengesedler
Pengesedler
Gasarters
Skiveskydnings
Skiveskydnings
Aabningsdag
Anmassendes
POPULISTIC
foredevote
Hinkendes5
milieuinvesteringers
Regneoperatorernes9
Heighted
fkalieopsamlingen
} j\h@
} jphP
} jHh`
} jXhp
} jXh<
} j`h|
} j`hP
} jhh|
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarForInit
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaStrCmp
__vbaVarTstEq
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr
Access 2000;
uforstandigtlnudviklin
Tableauernefric4
UNIFORMERINGSWIGWAMM
bobbishmaanedsblade
Unlobbying1
clonisms
NIl38nAPrKUVgeOlQd22
arbejdsvgringers
Defiguration
tristesse
Nedkom3
Destillerapparaterne
iNLD9UFrr9PzridffCi117
Pushrods8
hBxf4sE8WkIau6onktUdTG197
Modstrid5
Martrv4
blomstergartnerier
AMIDATE
Absorberne
Douchen
Kterens2
knudson
councilwomen
moguntine
Koebenhavns
FALDGRUBES
annuary
Turnerende
Xylindein8
DISTHRALL
Eskadreflyvninger
Sekretariatslederes
Sildefdningers5
Overfladiskes9
Checkhefternes
Fidusmagere
ELEVTES
Pointel9
Unenlightenment
Astian2
Raffiner
Kontrasignaturens2
recalibrate
ARCHENTERON
MUUMUUS
kunstsamlinger
PROFEMINISTS
coffeepot
AFFRINGSMIDDELS
Bouvardias
Samplingsfrekvensen4
Aftrdendes
Unmovability4
kommunevalgets
retrievabilities
ligaen
BANDERILLA
Hemiramph
Stileretningen
Deliristisk
Gataabning3
Bespeckled
FLICKERMOUSE
GAVOTTING
JACQUARDVVEDE
Titledom
usnobbetheds
Toppunktets
incumberment
GGEUNGERNE
CONTERMINATE
MANIFESTOES
Visage7
Crownling
BRAMMINGE
PHORANTHIUM
FISKERBAADS
Spiritusindkbets
Concilium
HONNOER
precontractual
OLIVIERO
Budgettr
Ambers9
WITHING
Bogtilrettelgning4
RACISMS
UNDERSAATS
Formindskende1
blastophaga
piroplasmata
SPAANTAGES
Auraen
ungulite
Trilliums2
Slvholdige
Chowderheaded
Noxiously
BESKRMER
Ressouces
Ophjelsens7
handicrafters
DETAINED
Somnambulically7
SEMIGRANULATE
Prtentis2
JUSTLER
Rejsning3
Beewort
Ibrugtagnings6
SVINGKARRUSELLENS
Skarprettere
fstnelserne
Skrivehjuls6
sleepful
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
Comments
Express Link
CompanyName
Express Link
FileDescription
Express Link
ProductName
Express Link
FileVersion
ProductVersion
InternalName
DUALIZE
OriginalFilename
DUALIZE.exe

Antivirus Signature
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
Qihoo-360 Clean
ALYac Gen:Variant.Razy.868336
Cylance Clean
VIPRE Clean
AegisLab Trojan.Win32.Razy.4!c
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Gen:Variant.Razy.868336
K7GW Clean
Cybereason Clean
Baidu Clean
Cyren W32/VBKrypt.AVB.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
APEX Malicious
Avast FileRepMalware
Cynet Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Razy.868336
Rising Trojan.Mucc!8.E6AB (CLOUD)
Ad-Aware Gen:Variant.Razy.868336
Emsisoft Gen:Variant.Razy.868336 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition PWS-FCYP!A82C3F7955C2
FireEye Gen:Variant.Razy.868336
Sophos Clean
SentinelOne Clean
GData Gen:Variant.Razy.868336
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=85)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Razy.DD3FF0
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Hynamer.A!ml
AhnLab-V3 Trojan/Win.Generic.R420423
Acronis Clean
McAfee Artemis!A82C3F7955C2
TACHYON Clean
VBA32 Clean
Malwarebytes Malware.AI.2371230209
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H06ED21
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet Clean
BitDefenderTheta Gen:NN.ZevbaF.34690.gm0@aODM9iai
AVG FileRepMalware
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)
MaxSecure Clean
No IRMA results available.